jelbrekLib

Some question about bypassCodeSign()

Open xuanxt opened this issue 6 years ago • 3 comments

Hi, Jake James. I copied one dylib to my app bundle, signed by ldid2. Then I used bypassCodeSign() to bypass all codesign checks for it, like this: bypassCodeSign(path_of_dylib_at_bundle); It just crashes and does not return. I tried signing the dylib with a legit cert, but it still crashes.

OS version: iOS 12.1

xuanxt, Apr 09 '19 16:04

What device is it? A12 is not supported. If not A12: what kind of crash? App crash or kernel panic? Can you send logs?

jakeajames, Apr 09 '19 21:04

Not A12. It is a kernel panic. The crash line is here:

uint64_t ents = Kernel_Execute(Find_osunserializexml(), (uint64_t)new_entitlements + offsetof(CS_GenericBlob, data), 0, 0, 0, 0, 0, 0);

The crash line inside Kernel_Execute():

uint64_t returnval = IOConnectTrap6(UserClient, 0, (uint64_t)(x1), (uint64_t)(x2), (uint64_t)(x3), (uint64_t)(x4), (uint64_t)(x5), (uint64_t)(x6));

UserClient has a value. x1, x2, x3, x4, x5 and x6 are all 0. Kernel_Execute has been initialized.

Log file: panic-full-2019-04-10-150125.794.ips.synced.zip

xuanxt, Apr 10 '19 07:04
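The crash line quoted above hands Kernel_Execute the address new_entitlements + offsetof(CS_GenericBlob, data), i.e. the start of the entitlements payload inside a code-signing generic blob. The following C is an added illustration of that layout, not jelbrekLib's code and not a diagnosis of the panic: it builds an entitlements blob around a constructed sample plist, validates the big-endian header the way a userland caller can before passing the pointer to the kernel, and shows that the payload offset is 8 bytes. The CSMAGIC_EMBEDDED_ENTITLEMENTS value and the struct layout come from XNU; counting the terminating NUL in the blob length, so that data is a C string, is this example's own choice rather than a rule of the format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* CS_GenericBlob as laid out in XNU (osfmk/kern/cs_blobs.h): a big-endian
 * magic, a big-endian total length that includes this 8-byte header, then
 * the payload. For entitlements the magic is CSMAGIC_EMBEDDED_ENTITLEMENTS
 * and the payload is an XML plist. */
#define CSMAGIC_EMBEDDED_ENTITLEMENTS 0xfade7171u

typedef struct __SC_GenericBlob {
    uint32_t magic;
    uint32_t length;
    char data[];
} CS_GenericBlob;

/* The header fields are big-endian regardless of host endianness. */
static uint32_t cs_swap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}
static uint32_t cs_to_be32(uint32_t host) {
    const uint16_t probe = 1;
    return *(const uint8_t *)&probe ? cs_swap32(host) : host; /* swap on little-endian hosts */
}
#define cs_from_be32 cs_to_be32 /* the swap is its own inverse */

/* Build an entitlements blob around an XML plist string. The terminating NUL
 * is counted in the length here (example's choice) so data is a C string.
 * Returns a malloc'd blob the caller frees, or NULL on failure. */
static CS_GenericBlob *cs_build_entitlements(const char *xml, size_t *out_total) {
    size_t payload = strlen(xml) + 1;
    size_t total = sizeof(CS_GenericBlob) + payload;
    if (total > UINT32_MAX) return NULL;
    CS_GenericBlob *blob = malloc(total);
    if (!blob) return NULL;
    blob->magic = cs_to_be32(CSMAGIC_EMBEDDED_ENTITLEMENTS);
    blob->length = cs_to_be32((uint32_t)total);
    memcpy(blob->data, xml, payload);
    if (out_total) *out_total = total;
    return blob;
}

/* Check a candidate blob held in buflen bytes before its payload pointer is
 * handed anywhere sensitive. Returns 0 and reports the payload offset
 * (always offsetof(CS_GenericBlob, data), i.e. 8) and payload length, or -1
 * if the buffer is short, the magic differs, or the declared length does
 * not fit. Fields are read with memcpy so unaligned buffers are fine. */
static int cs_validate_blob(const uint8_t *buf, size_t buflen, uint32_t want_magic,
                            size_t *data_off, size_t *data_len) {
    uint32_t magic, length;
    if (!buf || buflen < sizeof(CS_GenericBlob)) return -1;
    memcpy(&magic, buf, sizeof magic);
    memcpy(&length, buf + sizeof magic, sizeof length);
    magic = cs_from_be32(magic);
    length = cs_from_be32(length);
    if (magic != want_magic) return -1;
    if (length < sizeof(CS_GenericBlob) || length > buflen) return -1;
    if (data_off) *data_off = offsetof(CS_GenericBlob, data);
    if (data_len) *data_len = length - sizeof(CS_GenericBlob);
    return 0;
}

/* The (const char *, OSString **) form of OSUnserializeXML takes a
 * NUL-terminated string, so also confirm a NUL lies inside the declared
 * payload. Returns 1 if it does, 0 otherwise (including on a bad header). */
static int cs_payload_is_cstring(const uint8_t *buf, size_t buflen, uint32_t want_magic) {
    size_t off, len;
    if (cs_validate_blob(buf, buflen, want_magic, &off, &len) != 0) return 0;
    return memchr(buf + off, '\0', len) != NULL;
}

/* Constructed sample plist for the stand-alone demo. */
static const char SAMPLE_ENTITLEMENTS[] =
    "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
    "<plist version=\"1.0\"><dict>"
    "<key>platform-application</key><true/>"
    "<key>com.apple.private.security.no-container</key><true/>"
    "</dict></plist>";

/* Build, validate and return the payload offset the thread's crash line
 * computes with offsetof(); (size_t)-1 if any check fails. */
static size_t demo_entitlements_offset(void) {
    size_t total, off, len;
    CS_GenericBlob *blob = cs_build_entitlements(SAMPLE_ENTITLEMENTS, &total);
    if (!blob) return (size_t)-1;
    int rc = cs_validate_blob((const uint8_t *)blob, total, CSMAGIC_EMBEDDED_ENTITLEMENTS, &off, &len);
    int cstr = cs_payload_is_cstring((const uint8_t *)blob, total, CSMAGIC_EMBEDDED_ENTITLEMENTS);
    free(blob);
    if (rc != 0 || !cstr || len != sizeof(SAMPLE_ENTITLEMENTS)) return (size_t)-1;
    return off;
}

int main(void) {
    size_t off = demo_entitlements_offset();
    printf("entitlements payload starts at blob offset %zu\n", off);
    return off == 8 ? 0 : 1;
}
```

The validation step is the part worth keeping around: a blob whose declared length runs past the buffer, or whose magic is something other than 0xfade7171, is rejected in userland instead of being dereferenced by whatever kernel routine receives the pointer.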

This is an iPad Mini 2? Now that I think about it, OSUnserializeXML is broken there and I don't know why. I'll probably see how unc0ver does it. For now, you can skip adding entitlements.

jakeajames, Apr 10 '19 14:04